Jan Cizmar

#9626of 53,632
28.7Total CVSS
Vulnerabilities · 4
Medium
2
High
1
Critical
1
PT-2024-35163
9.8
2024-11-12
Tolgee · Tolgee · CVE-2024-52297
**Name of the Vulnerable Software and Affected Versions** Tolgee version 3.81.1 **Description** Tolgee is an open-source localization platform. The issue concerns the public exposure of all configuration properties in the `PublicConfigurationDTO` to users. **Recommendations** For Tolgee version 3.81.1, update to version 3.81.2 to resolve the issue.
PT-2024-24593
4.3
2024-04-18
Tolgee · Tolgee · CVE-2024-32466
**Name of the Vulnerable Software and Affected Versions** Tolgee versions prior to 3.57.2 **Description** Tolgee is an open-source localization platform. The issue concerns the `/v2/projects/translations` and `/v2/projects/{projectId}/translations` endpoints, where translation data was returned even when the API key was missing the `translation.view` scope. However, it was impossible to fetch the data when the user was missing this scope. This is only relevant for API keys generated by users permitted to `translation.view`. **Recommendations** For versions prior to 3.57.2, update to version 3.57.2 to resolve the issue. As a temporary workaround, consider restricting access to the `/v2/projects/translations` and `/v2/projects/{projectId}/translations` endpoints for API keys without the `translation.view` scope.
PT-2024-24598
6.5
2024-04-18
Tolgee · Tolgee · CVE-2024-32470
**Name of the Vulnerable Software and Affected Versions** Tolgee versions 3.57.2 through 3.57.3 **Description** Tolgee is an open-source localization platform. When an API key created by an admin user is used, it bypasses the permission check at all. **Recommendations** For Tolgee versions 3.57.2 through 3.57.3, update to version 3.57.4 to resolve the issue. As a temporary workaround, consider restricting the use of API keys created by admin users until the update is applied.
PT-2023-26488
8.1
2023-07-27
Tolgee · Tolgee · CVE-2023-38510
**Name of the Vulnerable Software and Affected Versions** Tolgee versions 3.14.0 through 3.23.1 **Description** Tolgee is an open-source localization platform. When a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. This issue only affects projects that have inadvertently exposed their API keys on the internet. Projects that have kept their API keys secure are not impacted. **Recommendations** For versions 3.14.0 through 3.23.1, update to version 3.23.1 to resolve the issue. As a temporary workaround, consider restricting access to API endpoints that use API keys until the update is applied. Additionally, ensure that API keys are kept secure and not exposed on the internet to minimize the risk of exploitation.